Massive Data Breach at Catholic Health: 483,000 Patient Records Exposed Due to Vendor Error
May 19, 2025
The breach was discovered on November 15, 2024, and involved certain patient information being publicly accessible from September 19, 2024, to November 5, 2024.
The company is collaborating with federal regulators to address the breach and has implemented new security protocols to secure its database.
Serviceaide, a California-based IT management firm, reported a significant data breach affecting over 483,000 patients of Catholic Health, a healthcare network in western New York.
Individuals receiving a data breach notification are encouraged to take immediate protective measures, such as changing passwords for medical accounts and considering credit freezes.
Catholic Health confirmed the breach on its website, attributing the exposure of limited patient information to a vendor incident.
Compromised personal information includes sensitive details such as names, Social Security numbers, dates of birth, medical record numbers, and health insurance information.
In response to the breach, Serviceaide has implemented additional security measures and is offering 12 months of complimentary credit and identity monitoring to affected individuals.
Notification letters are being sent to potentially affected patients, advising them to monitor their account statements and credit reports to prevent identity theft.
Serviceaide has reported the breach to the U.S. Department of Health and Human Services, which has recorded the incident on its tracker.
Edelson Lechtzin LLP is investigating claims of data privacy violations involving Serviceaide and aims to seek legal remedies through a class action lawsuit for affected individuals.
This incident highlights ongoing challenges in healthcare IT regarding the security of third-party systems and the risks posed by configuration errors.
Similar data breaches due to IT misconfigurations are common in the healthcare sector, often leading to significant fines and settlements.
Summary based on 4 sources
Get a daily email with more Tech stories
Sources

SecurityWeek • May 19, 2025
480,000 Catholic Health Patients Impacted by Serviceaide Data Leak
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto • May 19, 2025
Serviceaide Leak Exposes Records of 500,000 Catholic Health Patients
Curated - BLOX Digital Content Exchange • May 19, 2025
DATA BREACH ALERT: Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Serviceaide Customers Whose Data May Have Been Compromised